ietf-openpgp

Re: Principles and Principals

1997-09-26 21:42:30
Jon Callas wrote:

At 03:28 PM 9/26/97 -0700, Patrick Richard wrote:

   Not necessarily if you use a non key-centric approach.

   [...]

   (not to stir up the semantic flames again)

   I know this is kind of semantic BS, but the above is not a
   key-as-principal system (key-centric is another term used to
   describe this). I was referring to key-centric systems when I stated
   that "you can't solve revocation in a key-as-principal system".

   (supporting both 'revoked-key centric' and 'key-centric' means that
   you are in actual fact supporting tagged-centric systems which
   means that they aren't key-centric, they are tag-centric and that
   the tags just happen to refer to keys :-))

   I guess this should all be taken with the original message in mind,
   which was one in which a poster mentioned something like "wouldn't
   it be great if the whole PKI was based on hashing someone's key"...

Sorry to turn the semantic BS table on you, Patrick, but what is the
major problem, then? (insert smirk here)

No, there is no problem. I was just doing some semantic clarification.

:-)

I don't see how the problem is different
for name-centric or key-centric systems.

Name-centric systems have the "naming problem", key-centric have the
"revocation problem" (we already know all of this). I guess I am trying
to point this out for the benefit of those on the list who advocate in
favour of either DN-centric or key-centric systems. The best system is
neither: provide tags and map to solve both problems.

I think we're in violent agreement here. 

Definitely. 

-- 
Pat Richard - patr(_at_)xcert(_dot_)com
Public Key Available via LDAP
http://www.xcert.com

"Every information object known to modern man is a candidate for
PKI-based ACL" - Young Etheridge